tlslite/constants.py
# Authors:
# Trevor Perrin
# Google - defining ClientCertificateType
# Google (adapted by Sam Rushing) - NPN support
# Dimitris Moraitis - Anon ciphersuites
# Dave Baggett (Arcode Corporation) - canonicalCipherName
# Yngve Pettersen (ported by Paul Sokolovsky) - TLS 1.2
#
# See the LICENSE file for legal information regarding use of this file.
from .utils.compat import a2b_hex
"""Constants used in various places."""
# protocol version number used for negotiating TLS 1.3 between implementations
# of the draft specification
# DEPRECATED!
TLS_1_3_DRAFT = (3, 4)
# ServerHello.random value meaning that the message is a HelloRetryRequest
TLS_1_3_HRR = a2b_hex("CF21AD74E59A6111BE1D8C021E65B891"
"C2A211167ABB8C5E079E09E2C8A8339C")
# last bytes of ServerHello.random to be used when negotiating TLS 1.1 or
# earlier while supporting TLS 1.2 or greater
TLS_1_1_DOWNGRADE_SENTINEL = a2b_hex("444F574E47524400")
# last bytes of ServerHello.random to be used when negotiating TLS 1.2
# while supporting TLS 1.3 or greater
TLS_1_2_DOWNGRADE_SENTINEL = a2b_hex("444F574E47524401")
RSA_PSS_OID = bytes(a2b_hex('06092a864886f70d01010a'))
class TLSEnum(object):
"""Base class for different enums of TLS IDs"""
@classmethod
def _recursiveVars(cls, klass):
"""Call vars recursively on base classes"""
fields = dict()
for basecls in klass.__bases__:
fields.update(cls._recursiveVars(basecls))
fields.update(dict(vars(klass)))
return fields
@classmethod
def toRepr(cls, value, blacklist=None):
"""
Convert numeric type to string representation
name if found, None otherwise
"""
fields = cls._recursiveVars(cls)
if blacklist is None:
blacklist = []
return next((key for key, val in fields.items() \
if key not in ('__weakref__', '__dict__', '__doc__',
'__module__') and \
key not in blacklist and \
val == value), None)
@classmethod
def toStr(cls, value, blacklist=None):
"""Convert numeric type to human-readable string if possible"""
ret = cls.toRepr(value, blacklist)
if ret is not None:
return ret
else:
return '{0}'.format(value)
class CertificateType(TLSEnum):
x509 = 0
openpgp = 1
class ClientCertificateType(TLSEnum):
rsa_sign = 1
dss_sign = 2
rsa_fixed_dh = 3
dss_fixed_dh = 4
ecdsa_sign = 64 # RFC 8422
rsa_fixed_ecdh = 65 # RFC 8422
ecdsa_fixed_ecdh = 66 # RFC 8422
class SSL2HandshakeType(TLSEnum):
"""SSL2 Handshake Protocol message types."""
error = 0
client_hello = 1
client_master_key = 2
client_finished = 3
server_hello = 4
server_verify = 5
server_finished = 6
request_certificate = 7
client_certificate = 8
class SSL2ErrorDescription(TLSEnum):
"""SSL2 Handshake protocol error message descriptions"""
no_cipher = 0x0001
no_certificate = 0x0002
bad_certificate = 0x0004
unsupported_certificate_type = 0x0006
class HandshakeType(TLSEnum):
"""Message types in TLS Handshake protocol"""
hello_request = 0
client_hello = 1
server_hello = 2
new_session_ticket = 4
end_of_early_data = 5 # TLS 1.3
hello_retry_request = 6 # TLS 1.3
encrypted_extensions = 8 # TLS 1.3
certificate = 11
server_key_exchange = 12
certificate_request = 13
server_hello_done = 14
certificate_verify = 15
client_key_exchange = 16
finished = 20
certificate_status = 22
key_update = 24 # TLS 1.3
compressed_certificate = 25 # TLS 1.3
next_protocol = 67
message_hash = 254 # TLS 1.3
class ContentType(TLSEnum):
"""TLS record layer content types of payloads"""
change_cipher_spec = 20
alert = 21
handshake = 22
application_data = 23
heartbeat = 24 # RFC 6520
all = (20, 21, 22, 23, 24)
@classmethod
def toRepr(cls, value, blacklist=None):
"""Convert numeric type to name representation"""
if blacklist is None:
blacklist = []
blacklist.append('all')
return super(ContentType, cls).toRepr(value, blacklist)
class ExtensionType(TLSEnum):
"""TLS Extension Type registry values"""
server_name = 0 # RFC 6066 / 4366
max_fragment_length = 1 # RFC 6066 / 4366
status_request = 5 # RFC 6066 / 4366
cert_type = 9 # RFC 6091
supported_groups = 10 # RFC 4492, RFC-ietf-tls-negotiated-ff-dhe-10
ec_point_formats = 11 # RFC 4492
srp = 12 # RFC 5054
signature_algorithms = 13 # RFC 5246
heartbeat = 15 # RFC 6520
alpn = 16 # RFC 7301
client_hello_padding = 21 # RFC 7685
encrypt_then_mac = 22 # RFC 7366
extended_master_secret = 23 # RFC 7627
compress_certificate = 27 # RFC 8879
record_size_limit = 28 # RFC 8449
session_ticket = 35 # RFC 5077
extended_random = 40 # draft-rescorla-tls-extended-random-02
pre_shared_key = 41 # TLS 1.3
early_data = 42 # TLS 1.3
supported_versions = 43 # TLS 1.3
cookie = 44 # TLS 1.3
psk_key_exchange_modes = 45 # TLS 1.3
post_handshake_auth = 49 # TLS 1.3
signature_algorithms_cert = 50 # TLS 1.3
key_share = 51 # TLS 1.3
supports_npn = 13172
tack = 0xF300
renegotiation_info = 0xff01 # RFC 5746
class HashAlgorithm(TLSEnum):
"""Hash algorithm IDs used in TLSv1.2"""
none = 0
md5 = 1
sha1 = 2
sha224 = 3
sha256 = 4
sha384 = 5
sha512 = 6
intrinsic = 8 # RFC 8422
class SignatureAlgorithm(TLSEnum):
"""Signing algorithms used in TLSv1.2"""
anonymous = 0
rsa = 1
dsa = 2
ecdsa = 3
ed25519 = 7 # RFC 8422
ed448 = 8 # RFC 8422
class SignatureScheme(TLSEnum):
"""
Signature scheme used for signalling supported signature algorithms.
This is the replacement for the HashAlgorithm and SignatureAlgorithm
lists. Introduced with TLSv1.3.
"""
rsa_pkcs1_sha1 = (2, 1)
rsa_pkcs1_sha224 = (3, 1)
rsa_pkcs1_sha256 = (4, 1)
rsa_pkcs1_sha384 = (5, 1)
rsa_pkcs1_sha512 = (6, 1)
ecdsa_sha1 = (2, 3)
ecdsa_sha224 = (3, 3)
ecdsa_secp256r1_sha256 = (4, 3)
ecdsa_secp384r1_sha384 = (5, 3)
ecdsa_secp521r1_sha512 = (6, 3)
rsa_pss_rsae_sha256 = (8, 4)
rsa_pss_rsae_sha384 = (8, 5)
rsa_pss_rsae_sha512 = (8, 6)
ed25519 = (8, 7) # RFC 8422
ed448 = (8, 8) # RFC 8422
rsa_pss_pss_sha256 = (8, 9)
rsa_pss_pss_sha384 = (8, 10)
rsa_pss_pss_sha512 = (8, 11)
# backwards compatibility (for TLS1.2)
rsa_pss_sha256 = (8, 4)
rsa_pss_sha384 = (8, 5)
rsa_pss_sha512 = (8, 6)
# RFC 8734
# the names are from RFC, so we don't care that they don't follow naming
# pattern
# pylint: disable=invalid-name
ecdsa_brainpoolP256r1tls13_sha256 = (8, 0x1A)
ecdsa_brainpoolP384r1tls13_sha384 = (8, 0x1B)
ecdsa_brainpoolP512r1tls13_sha512 = (8, 0x1C)
# pylint: enable=invalid-name
dsa_sha1 = (2, 2)
dsa_sha224 = (3, 2)
dsa_sha256 = (4, 2)
dsa_sha384 = (5, 2)
dsa_sha512 = (6, 2)
@classmethod
def toRepr(cls, value, blacklist=None):
"""Convert numeric type to name representation"""
if blacklist is None:
blacklist = []
blacklist += ['getKeyType', 'getPadding', 'getHash',
'rsa_pss_sha256', 'rsa_pss_sha384', 'rsa_pss_sha512']
return super(SignatureScheme, cls).toRepr(value, blacklist)
@staticmethod
def getKeyType(scheme):
"""
Return the name of the signature algorithm used in scheme.
E.g. for "rsa_pkcs1_sha1" it returns "rsa"
"""
if scheme in ("ed25519", "ed448"):
return "eddsa"
try:
getattr(SignatureScheme, scheme)
except AttributeError:
raise ValueError("\"{0}\" scheme is unknown".format(scheme))
vals = scheme.split('_', 4)
return vals[0]
@staticmethod
def getPadding(scheme):
"""Return the name of padding scheme used in signature scheme."""
try:
getattr(SignatureScheme, scheme)
except AttributeError:
raise ValueError("\"{0}\" scheme is unknown".format(scheme))
vals = scheme.split('_', 4)
assert len(vals) in (3, 4)
if len(vals) == 3:
kType, padding, _ = vals
else:
kType, padding, _, _ = vals
assert kType == 'rsa'
return padding
@staticmethod
def getHash(scheme):
"""Return the name of hash used in signature scheme."""
# there is no explicit hash in the EDDSA, see RFC 8422
if scheme in ("ed25519", "ed448"):
return "intrinsic"
try:
getattr(SignatureScheme, scheme)
except AttributeError:
raise ValueError("\"{0}\" scheme is unknown".format(scheme))
vals = scheme.split('_', 4)
assert len(vals) in (2, 3, 4)
if len(vals) == 2:
kType, hName = vals
elif len(vals) == 3:
kType, _, hName = vals
else:
kType, _, _, hName = vals
assert kType in ('rsa', 'ecdsa', 'dsa')
return hName
class AlgorithmOID(TLSEnum):
"""
Algorithm OIDs as defined in rfc5758(ecdsa),
rfc5754(rsa, sha), rfc3447(rss-pss).
The key is the DER encoded OID in hex and
the value is the algorithm id.
"""
oid = {}
oid[bytes(a2b_hex('06072a8648ce3d0401'))] = \
SignatureScheme.ecdsa_sha1
oid[bytes(a2b_hex('06082a8648ce3d040301'))] = \
SignatureScheme.ecdsa_sha224
oid[bytes(a2b_hex('06082a8648ce3d040302'))] = \
SignatureScheme.ecdsa_secp256r1_sha256
oid[bytes(a2b_hex('06082a8648ce3d040303'))] = \
SignatureScheme.ecdsa_secp384r1_sha384
oid[bytes(a2b_hex('06082a8648ce3d040304'))] = \
SignatureScheme.ecdsa_secp521r1_sha512
oid[bytes(a2b_hex('06092a864886f70d010104'))] = \
(HashAlgorithm.md5, SignatureAlgorithm.rsa)
oid[bytes(a2b_hex('06092a864886f70d010105'))] = \
SignatureScheme.rsa_pkcs1_sha1
oid[bytes(a2b_hex('06092a864886f70d01010e'))] = \
SignatureScheme.rsa_pkcs1_sha224
oid[bytes(a2b_hex('06092a864886f70d01010b'))] = \
SignatureScheme.rsa_pkcs1_sha256
oid[bytes(a2b_hex('06092a864886f70d01010c'))] = \
SignatureScheme.rsa_pkcs1_sha384
oid[bytes(a2b_hex('06092a864886f70d01010d'))] = \
SignatureScheme.rsa_pkcs1_sha512
oid[bytes(a2b_hex('300b0609608648016503040201'))] = \
SignatureScheme.rsa_pss_rsae_sha256
oid[bytes(a2b_hex('300b0609608648016503040202'))] = \
SignatureScheme.rsa_pss_rsae_sha384
oid[bytes(a2b_hex('300b0609608648016503040203'))] = \
SignatureScheme.rsa_pss_rsae_sha512
# for RSA-PSS an AlgorithmIdentifier with and without NULL parameters
# is valid. See RFC 4055 Section 2.1
oid[bytes(a2b_hex('300d06096086480165030402010500'))] = \
SignatureScheme.rsa_pss_rsae_sha256
oid[bytes(a2b_hex('300d06096086480165030402020500'))] = \
SignatureScheme.rsa_pss_rsae_sha384
oid[bytes(a2b_hex('300d06096086480165030402030500'))] = \
SignatureScheme.rsa_pss_rsae_sha512
oid[bytes(a2b_hex('06072A8648CE380403'))] = \
SignatureScheme.dsa_sha1
oid[bytes(a2b_hex('0609608648016503040301'))] = \
SignatureScheme.dsa_sha224
oid[bytes(a2b_hex('0609608648016503040302'))] = \
SignatureScheme.dsa_sha256
oid[bytes(a2b_hex('0609608648016503040303'))] = \
SignatureScheme.dsa_sha384
oid[bytes(a2b_hex('0609608648016503040304'))] = \
SignatureScheme.dsa_sha512
oid[bytes(a2b_hex('06032b6570'))] = \
SignatureScheme.ed25519
oid[bytes(a2b_hex('06032b6571'))] = \
SignatureScheme.ed448
class GroupName(TLSEnum):
"""Name of groups supported for (EC)DH key exchange"""
# RFC4492
sect163k1 = 1
sect163r1 = 2
sect163r2 = 3
sect193r1 = 4
sect193r2 = 5
sect233k1 = 6
sect233r1 = 7
sect239k1 = 8
sect283k1 = 9
sect283r1 = 10
sect409k1 = 11
sect409r1 = 12
sect571k1 = 13
sect571r1 = 14
secp160k1 = 15
secp160r1 = 16
secp160r2 = 17
secp192k1 = 18
secp192r1 = 19
secp224k1 = 20
secp224r1 = 21
secp256k1 = 22
secp256r1 = 23
secp384r1 = 24
secp521r1 = 25
allEC = list(range(1, 26))
# RFC7027
brainpoolP256r1 = 26
brainpoolP384r1 = 27
brainpoolP512r1 = 28
allEC.extend(list(range(26, 29)))
# draft-ietf-tls-rfc4492bis
x25519 = 29
x448 = 30
allEC.extend(list(range(29, 31)))
# RFC7919
ffdhe2048 = 256
ffdhe3072 = 257
ffdhe4096 = 258
ffdhe6144 = 259
ffdhe8192 = 260
allFF = list(range(256, 261))
# RFC8734
brainpoolP256r1tls13 = 31
brainpoolP384r1tls13 = 32
brainpoolP512r1tls13 = 33
allEC.extend(list(range(31, 34)))
# draft-kwiatkowski-tls-ecdhe-mlkem
secp256r1mlkem768 = 0x11EB
x25519mlkem768 = 0x11EC
secp384r1mlkem1024 = 0x11ED
allKEM = [0x11EB, 0x11EC, 0x11ED]
all = allEC + allFF + allKEM
@classmethod
def toRepr(cls, value, blacklist=None):
"""Convert numeric type to name representation"""
if blacklist is None:
blacklist = []
blacklist += ['all', 'allEC', 'allFF']
return super(GroupName, cls).toRepr(value, blacklist)
# groups forbidden by RFC 8446 section B.3.1.4
TLS_1_3_FORBIDDEN_GROUPS = frozenset().union(
range(1, 0x17),
range(0x1A, 0x1D),
(0xff01, 0xff02))
class ECPointFormat(TLSEnum):
"""Names and ID's of supported EC point formats."""
uncompressed = 0
ansiX962_compressed_prime = 1
ansiX962_compressed_char2 = 2
all = [uncompressed,
ansiX962_compressed_prime,
ansiX962_compressed_char2]
@classmethod
def toRepr(cls, value, blacklist=None):
"""Convert numeric type to name representation."""
if blacklist is None:
blacklist = []
blacklist.append('all')
return super(ECPointFormat, cls).toRepr(value, blacklist)
class ECCurveType(TLSEnum):
"""Types of ECC curves supported in TLS from RFC4492"""
explicit_prime = 1
explicit_char2 = 2
named_curve = 3
class NameType(TLSEnum):
"""Type of entries in Server Name Indication extension."""
host_name = 0
class CertificateStatusType(TLSEnum):
"""Type of responses in the status_request and CertificateStatus msgs."""
ocsp = 1
class HeartbeatMode(TLSEnum):
"""Types of heartbeat modes from RFC 6520"""
PEER_ALLOWED_TO_SEND = 1
PEER_NOT_ALLOWED_TO_SEND = 2
class HeartbeatMessageType(TLSEnum):
"""Types of heartbeat messages from RFC 6520"""
heartbeat_request = 1
heartbeat_response = 2
class KeyUpdateMessageType(TLSEnum):
"""Types of keyupdate messages from RFC 8446"""
update_not_requested = 0
update_requested = 1
class AlertLevel(TLSEnum):
"""Enumeration of TLS Alert protocol levels"""
warning = 1
fatal = 2
class AlertDescription(TLSEnum):
"""
:cvar bad_record_mac: A TLS record failed to decrypt properly.
If this occurs during a SRP handshake it most likely
indicates a bad password. It may also indicate an implementation
error, or some tampering with the data in transit.
This alert will be signalled by the server if the SRP password is bad.
It
may also be signalled by the server if the SRP username is unknown to
the
server, but it doesn't wish to reveal that fact.
:cvar handshake_failure: A problem occurred while handshaking.
This typically indicates a lack of common ciphersuites between client
and
server, or some other disagreement (about SRP parameters or key sizes,
for example).
:cvar protocol_version: The other party's SSL/TLS version was unacceptable.
This indicates that the client and server couldn't agree on which
version
of SSL or TLS to use.
:cvar user_canceled: The handshake is being cancelled for some reason.
"""
close_notify = 0
unexpected_message = 10
bad_record_mac = 20
decryption_failed = 21
record_overflow = 22
decompression_failure = 30
handshake_failure = 40
no_certificate = 41 #SSLv3
bad_certificate = 42
unsupported_certificate = 43
certificate_revoked = 44
certificate_expired = 45
certificate_unknown = 46
illegal_parameter = 47
unknown_ca = 48
access_denied = 49
decode_error = 50
decrypt_error = 51
export_restriction = 60
protocol_version = 70
insufficient_security = 71
internal_error = 80
inappropriate_fallback = 86
user_canceled = 90
no_renegotiation = 100
missing_extension = 109
unsupported_extension = 110 # RFC 5246
certificate_unobtainable = 111 # RFC 6066
unrecognized_name = 112 # RFC 6066
bad_certificate_status_response = 113 # RFC 6066
bad_certificate_hash_value = 114 # RFC 6066
unknown_psk_identity = 115
certificate_required = 116 # RFC 8446
no_application_protocol = 120 # RFC 7301
class PskKeyExchangeMode(TLSEnum):
"""Values used in the PSK Key Exchange Modes extension."""
psk_ke = 0
psk_dhe_ke = 1
class CertificateCompressionAlgorithm(TLSEnum):
"""
Compression algorithms used for the compression of certificates
from RFC 8879.
"""
zlib = 1
brotli = 2
zstd = 3
class CipherSuite:
"""
Numeric values of ciphersuites and ciphersuite types
:cvar tripleDESSuites: ciphersuties which use 3DES symmetric cipher in CBC
mode
:cvar aes128Suites: ciphersuites which use AES symmetric cipher in CBC mode
with 128 bit key
:cvar aes256Suites: ciphersuites which use AES symmetric cipher in CBC mode
with 256 bit key
:cvar rc4Suites: ciphersuites which use RC4 symmetric cipher with 128 bit
key
:cvar shaSuites: ciphersuites which use SHA-1 HMAC integrity mechanism
and protocol default Pseudo Random Function
:cvar sha256Suites: ciphersuites which use SHA-256 HMAC integrity mechanism
and SHA-256 Pseudo Random Function
:cvar md5Suites: ciphersuites which use MD-5 HMAC integrity mechanism and
protocol default Pseudo Random Function
:cvar srpSuites: ciphersuites which use Secure Remote Password (SRP) key
exchange protocol
:cvar srpCertSuites: ciphersuites which use Secure Remote Password (SRP)
key exchange protocol with RSA server authentication
:cvar srpAllSuites: all SRP ciphersuites, pure SRP and with RSA based
server authentication
:cvar certSuites: ciphersuites which use RSA key exchange with RSA server
authentication
:cvar certAllSuites: ciphersuites which use RSA server authentication
:cvar anonSuites: ciphersuites which use anonymous Finite Field
Diffie-Hellman key exchange
:cvar ietfNames: dictionary with string names of the ciphersuites
"""
ietfNames = {}
# the ciphesuite names come from IETF, we want to keep them
#pylint: disable = invalid-name
# SSLv2 from draft-hickman-netscape-ssl-00.txt
SSL_CK_RC4_128_WITH_MD5 = 0x010080
ietfNames[0x010080] = 'SSL_CK_RC4_128_WITH_MD5'
SSL_CK_RC4_128_EXPORT40_WITH_MD5 = 0x020080
ietfNames[0x020080] = 'SSL_CK_RC4_128_EXPORT40_WITH_MD5'
SSL_CK_RC2_128_CBC_WITH_MD5 = 0x030080
ietfNames[0x030080] = 'SSL_CK_RC2_128_CBC_WITH_MD5'
SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 = 0x040080
ietfNames[0x040080] = 'SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5'
SSL_CK_IDEA_128_CBC_WITH_MD5 = 0x050080
ietfNames[0x050080] = 'SSL_CK_IDEA_128_CBC_WITH_MD5'
SSL_CK_DES_64_CBC_WITH_MD5 = 0x060040
ietfNames[0x060040] = 'SSL_CK_DES_64_CBC_WITH_MD5'
SSL_CK_DES_192_EDE3_CBC_WITH_MD5 = 0x0700C0
ietfNames[0x0700C0] = 'SSL_CK_DES_192_EDE3_CBC_WITH_MD5'
#: SSL2 ciphersuites which use RC4 symmetric cipher
ssl2rc4 = []
ssl2rc4.append(SSL_CK_RC4_128_WITH_MD5)
ssl2rc4.append(SSL_CK_RC4_128_EXPORT40_WITH_MD5)
#: SSL2 ciphersuites which use RC2 symmetric cipher
ssl2rc2 = []
ssl2rc2.append(SSL_CK_RC2_128_CBC_WITH_MD5)
ssl2rc2.append(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)
#: SSL2 ciphersuites which use IDEA symmetric cipher
ssl2idea = [SSL_CK_IDEA_128_CBC_WITH_MD5]
#: SSL2 ciphersuites which use (single) DES symmetric cipher
ssl2des = [SSL_CK_DES_64_CBC_WITH_MD5]
#: SSL2 ciphersuites which use 3DES symmetric cipher
ssl2_3des = [SSL_CK_DES_192_EDE3_CBC_WITH_MD5]
#: SSL2 ciphersuites which encrypt only part (40 bits) of the key
ssl2export = []
ssl2export.append(SSL_CK_RC4_128_EXPORT40_WITH_MD5)
ssl2export.append(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)
#: SSL2 ciphersuties which use 128 bit key
ssl2_128Key = []
ssl2_128Key.append(SSL_CK_RC4_128_WITH_MD5)
ssl2_128Key.append(SSL_CK_RC4_128_EXPORT40_WITH_MD5)
ssl2_128Key.append(SSL_CK_RC2_128_CBC_WITH_MD5)
ssl2_128Key.append(SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5)
ssl2_128Key.append(SSL_CK_IDEA_128_CBC_WITH_MD5)
#: SSL2 ciphersuites which use 64 bit key
ssl2_64Key = [SSL_CK_DES_64_CBC_WITH_MD5]
#: SSL2 ciphersuites which use 192 bit key
ssl2_192Key = [SSL_CK_DES_192_EDE3_CBC_WITH_MD5]
#
# SSLv3 and TLS cipher suite definitions
#
# RFC 5246 - TLS v1.2 Protocol
TLS_RSA_WITH_NULL_MD5 = 0x0001
ietfNames[0x0001] = 'TLS_RSA_WITH_NULL_MD5'
TLS_RSA_WITH_NULL_SHA = 0x0002
ietfNames[0x0002] = 'TLS_RSA_WITH_NULL_SHA'
TLS_RSA_WITH_RC4_128_MD5 = 0x0004
ietfNames[0x0004] = 'TLS_RSA_WITH_RC4_128_MD5'
TLS_RSA_WITH_RC4_128_SHA = 0x0005
ietfNames[0x0005] = 'TLS_RSA_WITH_RC4_128_SHA'
TLS_RSA_WITH_3DES_EDE_CBC_SHA = 0x000A
ietfNames[0x000A] = 'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA = 0x000D
ietfNames[0x000D] = 'TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA'
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA = 0x0013
ietfNames[0x0013] = 'TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA'
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x0016
ietfNames[0x0016] = 'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA'
TLS_DH_ANON_WITH_RC4_128_MD5 = 0x0018
ietfNames[0x0018] = 'TLS_DH_ANON_WITH_RC4_128_MD5'
TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA = 0x001B
ietfNames[0x001B] = 'TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA'
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
ietfNames[0x002F] = 'TLS_RSA_WITH_AES_128_CBC_SHA'
TLS_DH_DSS_WITH_AES_128_CBC_SHA = 0x0030
ietfNames[0x0030] = 'TLS_DH_DSS_WITH_AES_128_CBC_SHA'
TLS_DHE_DSS_WITH_AES_128_CBC_SHA = 0x0032
ietfNames[0x0032] = 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA'
TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x0033
ietfNames[0x0033] = 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'
TLS_DH_ANON_WITH_AES_128_CBC_SHA = 0x0034
ietfNames[0x0034] = 'TLS_DH_ANON_WITH_AES_128_CBC_SHA'
TLS_RSA_WITH_AES_256_CBC_SHA = 0x0035
ietfNames[0x0035] = 'TLS_RSA_WITH_AES_256_CBC_SHA'
TLS_DH_DSS_WITH_AES_256_CBC_SHA = 0x0036
ietfNames[0x0036] = 'TLS_DH_DSS_WITH_AES_256_CBC_SHA'
TLS_DHE_DSS_WITH_AES_256_CBC_SHA = 0x0038
ietfNames[0x0038] = 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA'
TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x0039
ietfNames[0x0039] = 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA'
TLS_DH_ANON_WITH_AES_256_CBC_SHA = 0x003A
ietfNames[0x003A] = 'TLS_DH_ANON_WITH_AES_256_CBC_SHA'
TLS_RSA_WITH_NULL_SHA256 = 0x003B
ietfNames[0x003B] = 'TLS_RSA_WITH_NULL_SHA256'
TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x003C
ietfNames[0x003C] = 'TLS_RSA_WITH_AES_128_CBC_SHA256'
TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x003D
ietfNames[0x003D] = 'TLS_RSA_WITH_AES_256_CBC_SHA256'
TLS_DH_DSS_WITH_AES_128_CBC_SHA256 = 0x003E
ietfNames[0x003E] = 'TLS_DH_DSS_WITH_AES_128_CBC_SHA256'
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 = 0x0040
ietfNames[0x0040] = 'TLS_DHE_DSS_WITH_AES_128_CBC_SHA256'
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x0067
ietfNames[0x0067] = 'TLS_DHE_RSA_WITH_AES_128_CBC_SHA256'
TLS_DH_DSS_WITH_AES_256_CBC_SHA256 = 0x0068
ietfNames[0x0068] = 'TLS_DH_DSS_WITH_AES_256_CBC_SHA256'
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 = 0x006A
ietfNames[0x006A] = 'TLS_DHE_DSS_WITH_AES_256_CBC_SHA256'
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x006B
ietfNames[0x006B] = 'TLS_DHE_RSA_WITH_AES_256_CBC_SHA256'
TLS_DH_ANON_WITH_AES_128_CBC_SHA256 = 0x006C
ietfNames[0x006C] = 'TLS_DH_ANON_WITH_AES_128_CBC_SHA256'
TLS_DH_ANON_WITH_AES_256_CBC_SHA256 = 0x006D
ietfNames[0x006D] = 'TLS_DH_ANON_WITH_AES_256_CBC_SHA256'
# RFC 5288 - AES-GCM ciphers for TLSv1.2
TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x009C
ietfNames[0x009C] = 'TLS_RSA_WITH_AES_128_GCM_SHA256'
TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x009D
ietfNames[0x009D] = 'TLS_RSA_WITH_AES_256_GCM_SHA384'
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x009E
ietfNames[0x009E] = 'TLS_DHE_RSA_WITH_AES_128_GCM_SHA256'
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x009F
ietfNames[0x009F] = 'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384'
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 = 0x00A2
ietfNames[0x00A2] = 'TLS_DHE_DSS_WITH_AES_128_GCM_SHA256'
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 = 0x00A3
ietfNames[0x00A3] = 'TLS_DHE_DSS_WITH_AES_256_GCM_SHA384'
TLS_DH_DSS_WITH_AES_128_GCM_SHA256 = 0x00A4
ietfNames[0x00A4] = 'TLS_DH_DSS_WITH_AES_128_GCM_SHA256'
TLS_DH_DSS_WITH_AES_256_GCM_SHA384 = 0x00A5
ietfNames[0x00A5] = 'TLS_DH_DSS_WITH_AES_256_GCM_SHA384'
TLS_DH_ANON_WITH_AES_128_GCM_SHA256 = 0x00A6
ietfNames[0x00A6] = 'TLS_DH_ANON_WITH_AES_128_GCM_SHA256'
TLS_DH_ANON_WITH_AES_256_GCM_SHA384 = 0x00A7
ietfNames[0x00A7] = 'TLS_DH_ANON_WITH_AES_256_GCM_SHA384'
# RFC 6655 - AES-CCM ciphers for TLSv1.2
TLS_RSA_WITH_AES_128_CCM = 0xC09C
ietfNames[0xC09C] = 'TLS_RSA_WITH_AES_128_CCM'
TLS_RSA_WITH_AES_256_CCM = 0xC09D
ietfNames[0xC09D] = 'TLS_RSA_WITH_AES_256_CCM'
TLS_DHE_RSA_WITH_AES_128_CCM = 0xC09E
ietfNames[0xC09E] = 'TLS_DHE_RSA_WITH_AES_128_CCM'
TLS_DHE_RSA_WITH_AES_256_CCM = 0xC09F
ietfNames[0xC09F] = 'TLS_DHE_RSA_WITH_AES_256_CCM'
TLS_RSA_WITH_AES_128_CCM_8 = 0xC0A0
ietfNames[0xC0A0] = 'TLS_RSA_WITH_AES_128_CCM_8'
TLS_RSA_WITH_AES_256_CCM_8 = 0xC0A1
ietfNames[0xC0A1] = 'TLS_RSA_WITH_AES_256_CCM_8'
TLS_DHE_RSA_WITH_AES_128_CCM_8 = 0xC0A2
ietfNames[0xC0A2] = 'TLS_DHE_RSA_WITH_AES_128_CCM_8'
TLS_DHE_RSA_WITH_AES_256_CCM_8 = 0xC0A3
ietfNames[0xC0A3] = 'TLS_DHE_RSA_WITH_AES_256_CCM_8'
# Weird pseudo-ciphersuite from RFC 5746
# Signals that "secure renegotiation" is supported
# We actually don't do any renegotiation, but this
# prevents renegotiation attacks
TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF
ietfNames[0x00FF] = 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV'
# TLS 1.3 ciphersuites
TLS_AES_128_GCM_SHA256 = 0x1301
ietfNames[0x1301] = 'TLS_AES_128_GCM_SHA256'
TLS_AES_256_GCM_SHA384 = 0x1302
ietfNames[0x1302] = 'TLS_AES_256_GCM_SHA384'
TLS_CHACHA20_POLY1305_SHA256 = 0x1303
ietfNames[0x1303] = 'TLS_CHACHA20_POLY1305_SHA256'
TLS_AES_128_CCM_SHA256 = 0x1304
ietfNames[0x1304] = 'TLS_AES_128_CCM_SHA256'
TLS_AES_128_CCM_8_SHA256 = 0x1305
ietfNames[0x1305] = 'TLS_AES_128_CCM_8_SHA256'
# RFC 7507 - Fallback Signaling Cipher Suite Value for Preventing Protocol
# Downgrade Attacks
TLS_FALLBACK_SCSV = 0x5600
ietfNames[0x5600] = 'TLS_FALLBACK_SCSV'
# RFC 4492 - ECC Cipher Suites for TLS
# unsupported - no support for ECDSA certificates
TLS_ECDH_ECDSA_WITH_NULL_SHA = 0xC001
ietfNames[0xC001] = 'TLS_ECDH_ECDSA_WITH_NULL_SHA'
TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0xC002
ietfNames[0xC002] = 'TLS_ECDH_ECDSA_WITH_RC4_128_SHA'
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC003
ietfNames[0xC003] = 'TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA'
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0xC004
ietfNames[0xC004] = 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA'
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0xC005
ietfNames[0xC005] = 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA'
TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0xC006
ietfNames[0xC006] = 'TLS_ECDHE_ECDSA_WITH_NULL_SHA'
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007
ietfNames[0xC007] = 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA'
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0xC008
ietfNames[0xC008] = 'TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA'
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0xC009
ietfNames[0xC009] = 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA'
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0xC00A
ietfNames[0xC00A] = 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA'
TLS_ECDH_RSA_WITH_NULL_SHA = 0xC00B
ietfNames[0xC00B] = 'TLS_ECDH_RSA_WITH_NULL_SHA'
TLS_ECDH_RSA_WITH_RC4_128_SHA = 0xC00C
ietfNames[0xC00C] = 'TLS_ECDH_RSA_WITH_RC4_128_SHA'
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0xC00D
ietfNames[0xC00D] = 'TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA'
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0xC00E
ietfNames[0xC00E] = 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA'
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0xC00F
ietfNames[0xC00F] = 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA'
# RFC 4492 - ECC Cipher Suites for TLS
TLS_ECDHE_RSA_WITH_NULL_SHA = 0xC010
ietfNames[0xC010] = 'TLS_ECDHE_RSA_WITH_NULL_SHA'
TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011
ietfNames[0xC011] = 'TLS_ECDHE_RSA_WITH_RC4_128_SHA'
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0xC012
ietfNames[0xC012] = 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA'
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0xC013
ietfNames[0xC013] = 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA'
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014
ietfNames[0xC014] = 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA'
TLS_ECDH_ANON_WITH_NULL_SHA = 0xC015
ietfNames[0xC015] = 'TLS_ECDH_ANON_WITH_NULL_SHA'
TLS_ECDH_ANON_WITH_RC4_128_SHA = 0xC016
ietfNames[0xC016] = 'TLS_ECDH_ANON_WITH_RC4_128_SHA'
TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA = 0xC017
ietfNames[0xC017] = 'TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA'
TLS_ECDH_ANON_WITH_AES_128_CBC_SHA = 0xC018
ietfNames[0xC018] = 'TLS_ECDH_ANON_WITH_AES_128_CBC_SHA'
TLS_ECDH_ANON_WITH_AES_256_CBC_SHA = 0xC019
ietfNames[0xC019] = 'TLS_ECDH_ANON_WITH_AES_256_CBC_SHA'
# RFC 5054 - Secure Remote Password (SRP) Protocol for TLS Authentication
TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA = 0xC01A
ietfNames[0xC01A] = 'TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA'
TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA = 0xC01B
ietfNames[0xC01B] = 'TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA'
TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA = 0xC01C
ietfNames[0xC01C] = 'TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA'
TLS_SRP_SHA_WITH_AES_128_CBC_SHA = 0xC01D
ietfNames[0xC01D] = 'TLS_SRP_SHA_WITH_AES_128_CBC_SHA'
TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA = 0xC01E
ietfNames[0xC01E] = 'TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA'
TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA = 0xC01F
ietfNames[0xC01F] = 'TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA'
TLS_SRP_SHA_WITH_AES_256_CBC_SHA = 0xC020
ietfNames[0xC020] = 'TLS_SRP_SHA_WITH_AES_256_CBC_SHA'
TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA = 0xC021
ietfNames[0xC021] = 'TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA'
TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA = 0xC022
ietfNames[0xC022] = 'TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA'
# RFC 5289 - ECC Ciphers with SHA-256/SHA-384 HMAC and AES-GCM
# unsupported! - no support for ECDSA certificates
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC023
ietfNames[0xC023] = 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC024
ietfNames[0xC024] = 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384'
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0xC025
ietfNames[0xC025] = 'TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256'
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0xC026
ietfNames[0xC026] = 'TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384'
# RFC 5289 - ECC Ciphers with SHA-256/SHA-384 HMAC and AES-GCM
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0xC027
ietfNames[0xC027] = 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0xC028
ietfNames[0xC028] = 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384'
# RFC 5289 - ECC Ciphers with SHA-256/SHA-384 HMAC and AES-GCM
# unsupported
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0xC029
ietfNames[0xC029] = 'TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256'
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0xC02A
ietfNames[0xC02A] = 'TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384'
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02B
ietfNames[0xC02B] = 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256'
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02C
ietfNames[0xC02C] = 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384'
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0xC02D
ietfNames[0xC02D] = 'TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256'
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0xC02E
ietfNames[0xC02E] = 'TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384'
# RFC 5289 - ECC Ciphers with SHA-256/SHA-384 HMAC and AES-GCM
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F
ietfNames[0xC02F] = 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0xC030
ietfNames[0xC030] = 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384'
# RFC 5289 - ECC Ciphers with SHA-256/SHA-384 HMAC and AES-GCM
# unsupported
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0xC031
ietfNames[0xC031] = 'TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256'
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0xC032
ietfNames[0xC032] = 'TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384'
# draft-ietf-tls-chacha20-poly1305-00
# ChaCha20/Poly1305 based Cipher Suites for TLS1.2
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 0xCCA1
ietfNames[0xCCA1] = 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00'
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_draft_00 = 0xCCA2
ietfNames[0xCCA2] = 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_draft_00'
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00 = 0xCCA3
ietfNames[0xCCA3] = 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00'
# RFC 7905 - ChaCha20-Poly1305 Cipher Suites for TLS
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA8
ietfNames[0xCCA8] = 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256'
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCA9
ietfNames[0xCCA9] = 'TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256'
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xCCAA
ietfNames[0xCCAA] = 'TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256'
# RFC 7251 - AES-CCM ECC Ciphers for TLS
TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xC0AC
ietfNames[0xC0AC] = 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM'
TLS_ECDHE_ECDSA_WITH_AES_256_CCM = 0xC0AD
ietfNames[0xC0AD] = 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM'
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xC0AE
ietfNames[0xC0AE] = 'TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8'
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xC0AF
ietfNames[0xC0AF] = 'TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8'
#pylint: enable = invalid-name
#
# Define cipher suite families below
#
#: 3DES CBC ciphers
tripleDESSuites = []
tripleDESSuites.append(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA) # unsupported
tripleDESSuites.append(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA) # unsupported
tripleDESSuites.append(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA)
tripleDESSuites.append(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
tripleDESSuites.append(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
tripleDESSuites.append(TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA) # unsupp
#: AES-128 CBC ciphers
aes128Suites = []
aes128Suites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
aes128Suites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
aes128Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256)
aes128Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
aes128Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA256)
aes128Suites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
aes128Suites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
aes128Suites.append(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256) # unsupported
aes128Suites.append(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA) # unsupported
aes128Suites.append(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256) # unsupported
aes128Suites.append(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA) # unsupported
aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
aes128Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
aes128Suites.append(TLS_ECDH_ANON_WITH_AES_128_CBC_SHA)
aes128Suites.append(TLS_DH_DSS_WITH_AES_128_CBC_SHA) # unsupported
aes128Suites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA) # unsupported
aes128Suites.append(TLS_DH_DSS_WITH_AES_128_CBC_SHA256) # unsupported
aes128Suites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256) # unsupported
aes128Suites.append(TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA) # unsupported
#: AES-256 CBC ciphers
aes256Suites = []
aes256Suites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
aes256Suites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
aes256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256)
aes256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
aes256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA256)
aes256Suites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384)
aes256Suites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
aes256Suites.append(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384) # unsupported
aes256Suites.append(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA) # unsupported
aes256Suites.append(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384) # unsupported
aes256Suites.append(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA) # unsupported
aes256Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
aes256Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
aes256Suites.append(TLS_ECDH_ANON_WITH_AES_256_CBC_SHA)
aes256Suites.append(TLS_DH_DSS_WITH_AES_256_CBC_SHA) # unsupported
aes256Suites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA) # unsupported
aes256Suites.append(TLS_DH_DSS_WITH_AES_256_CBC_SHA256) # unsupported
aes256Suites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256) # unsupported
aes256Suites.append(TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA) # unsupported
#: AES-128 GCM ciphers
aes128GcmSuites = []
aes128GcmSuites.append(TLS_RSA_WITH_AES_128_GCM_SHA256)
aes128GcmSuites.append(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
aes128GcmSuites.append(TLS_DH_ANON_WITH_AES_128_GCM_SHA256)
aes128GcmSuites.append(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
aes128GcmSuites.append(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256) # unsupp
aes128GcmSuites.append(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256) # unsupp
aes128GcmSuites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
aes128GcmSuites.append(TLS_AES_128_GCM_SHA256)
aes128GcmSuites.append(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256) # unsupported
aes128GcmSuites.append(TLS_DH_DSS_WITH_AES_128_GCM_SHA256) # unsupported
#: AES-256-GCM ciphers (implicit SHA384, see sha384PrfSuites)
aes256GcmSuites = []
aes256GcmSuites.append(TLS_RSA_WITH_AES_256_GCM_SHA384)
aes256GcmSuites.append(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)
aes256GcmSuites.append(TLS_DH_ANON_WITH_AES_256_GCM_SHA384)
aes256GcmSuites.append(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
aes256GcmSuites.append(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384) # unsupp
aes256GcmSuites.append(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384) # unsupported
aes256GcmSuites.append(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
aes256GcmSuites.append(TLS_AES_256_GCM_SHA384)
aes256GcmSuites.append(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384) # unsupported
aes256GcmSuites.append(TLS_DH_DSS_WITH_AES_256_GCM_SHA384) # unsupported
#: AES-128 CCM_8 ciphers
aes128Ccm_8Suites = []
aes128Ccm_8Suites.append(TLS_RSA_WITH_AES_128_CCM_8)
aes128Ccm_8Suites.append(TLS_DHE_RSA_WITH_AES_128_CCM_8)
aes128Ccm_8Suites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8)
aes128Ccm_8Suites.append(TLS_AES_128_CCM_8_SHA256)
#: AES-128 CCM ciphers
aes128CcmSuites = []
aes128CcmSuites.append(TLS_RSA_WITH_AES_128_CCM)
aes128CcmSuites.append(TLS_DHE_RSA_WITH_AES_128_CCM)
aes128CcmSuites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CCM)
aes128CcmSuites.append(TLS_AES_128_CCM_SHA256)
#: AES-256 CCM_8 ciphers
aes256Ccm_8Suites = []
aes256Ccm_8Suites.append(TLS_RSA_WITH_AES_256_CCM_8)
aes256Ccm_8Suites.append(TLS_DHE_RSA_WITH_AES_256_CCM_8)
aes256Ccm_8Suites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8)
# AES-256 CCM ciphers
aes256CcmSuites = []
aes256CcmSuites.append(TLS_RSA_WITH_AES_256_CCM)
aes256CcmSuites.append(TLS_DHE_RSA_WITH_AES_256_CCM)
aes256CcmSuites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CCM)
#: CHACHA20 cipher, 00'th IETF draft (implicit POLY1305 authenticator)
chacha20draft00Suites = []
chacha20draft00Suites.append(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00)
chacha20draft00Suites.append(
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_draft_00)
chacha20draft00Suites.append(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00)
#: CHACHA20 cipher (implicit POLY1305 authenticator, SHA256 PRF)
chacha20Suites = []
chacha20Suites.append(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256)
chacha20Suites.append(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)
chacha20Suites.append(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256)
chacha20Suites.append(TLS_CHACHA20_POLY1305_SHA256)
#: RC4 128 stream cipher
rc4Suites = []
rc4Suites.append(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
rc4Suites.append(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
rc4Suites.append(TLS_ECDH_ECDSA_WITH_RC4_128_SHA) # unsupported
rc4Suites.append(TLS_ECDH_RSA_WITH_RC4_128_SHA) # unsupported
rc4Suites.append(TLS_DH_ANON_WITH_RC4_128_MD5)
rc4Suites.append(TLS_RSA_WITH_RC4_128_SHA)
rc4Suites.append(TLS_RSA_WITH_RC4_128_MD5)
rc4Suites.append(TLS_ECDH_ANON_WITH_RC4_128_SHA)
#: no encryption
nullSuites = []
nullSuites.append(TLS_RSA_WITH_NULL_MD5)
nullSuites.append(TLS_RSA_WITH_NULL_SHA)
nullSuites.append(TLS_RSA_WITH_NULL_SHA256)
nullSuites.append(TLS_ECDHE_ECDSA_WITH_NULL_SHA)
nullSuites.append(TLS_ECDH_ECDSA_WITH_NULL_SHA) # unsupported
nullSuites.append(TLS_ECDH_RSA_WITH_NULL_SHA) # unsupported
nullSuites.append(TLS_ECDHE_RSA_WITH_NULL_SHA)
nullSuites.append(TLS_ECDH_ANON_WITH_NULL_SHA)
#: SHA-1 HMAC, protocol default PRF
shaSuites = []
shaSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
shaSuites.append(TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA) # unsupported
shaSuites.append(TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA) # unsupported
shaSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_RSA_WITH_RC4_128_SHA)
shaSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
shaSuites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA) # unsupported
shaSuites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA) # unsupported
shaSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
shaSuites.append(TLS_DH_DSS_WITH_AES_128_CBC_SHA) # unsupported
shaSuites.append(TLS_DH_DSS_WITH_AES_256_CBC_SHA) # unsupported
shaSuites.append(TLS_RSA_WITH_NULL_SHA)
shaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
shaSuites.append(TLS_ECDHE_ECDSA_WITH_NULL_SHA)
shaSuites.append(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA) # unsupported
shaSuites.append(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA) # unsupported
shaSuites.append(TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA) # unsupported
shaSuites.append(TLS_ECDH_ECDSA_WITH_RC4_128_SHA) # unsupported
shaSuites.append(TLS_ECDH_ECDSA_WITH_NULL_SHA) # unsupported
shaSuites.append(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA) # unsupported
shaSuites.append(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA) # unsupported
shaSuites.append(TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA) # unsupported
shaSuites.append(TLS_ECDH_RSA_WITH_RC4_128_SHA) # unsupported
shaSuites.append(TLS_ECDH_RSA_WITH_NULL_SHA) # unsupported
shaSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
shaSuites.append(TLS_ECDHE_RSA_WITH_NULL_SHA)
shaSuites.append(TLS_ECDH_ANON_WITH_AES_256_CBC_SHA)
shaSuites.append(TLS_ECDH_ANON_WITH_AES_128_CBC_SHA)
shaSuites.append(TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA)
shaSuites.append(TLS_ECDH_ANON_WITH_RC4_128_SHA)
shaSuites.append(TLS_ECDH_ANON_WITH_NULL_SHA)
#: SHA-256 HMAC, SHA-256 PRF
sha256Suites = []
sha256Suites.append(TLS_RSA_WITH_AES_128_CBC_SHA256)
sha256Suites.append(TLS_RSA_WITH_AES_256_CBC_SHA256)
sha256Suites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
sha256Suites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
sha256Suites.append(TLS_RSA_WITH_NULL_SHA256)
sha256Suites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA256)
sha256Suites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA256)
sha256Suites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
sha256Suites.append(TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256) # unsupported
sha256Suites.append(TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256) # unsupported
sha256Suites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
#: SHA-384 HMAC, SHA-384 PRF
sha384Suites = []
sha384Suites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384)
sha384Suites.append(TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384) # unsupported
sha384Suites.append(TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384) # unsupported
sha384Suites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
sha384Suites.append(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384) # unsupported
sha384Suites.append(TLS_DH_DSS_WITH_AES_256_GCM_SHA384) # unsupported
#: stream cipher construction
streamSuites = []
streamSuites.extend(rc4Suites)
streamSuites.extend(nullSuites)
#: AEAD integrity, any PRF
aeadSuites = []
aeadSuites.extend(aes128GcmSuites)
aeadSuites.extend(aes256GcmSuites)
aeadSuites.extend(aes128CcmSuites)
aeadSuites.extend(aes128Ccm_8Suites)
aeadSuites.extend(aes256CcmSuites)
aeadSuites.extend(aes256Ccm_8Suites)
aeadSuites.extend(chacha20Suites)
aeadSuites.extend(chacha20draft00Suites)
#: any with SHA384 PRF
sha384PrfSuites = []
sha384PrfSuites.extend(sha384Suites)
sha384PrfSuites.extend(aes256GcmSuites)
#: MD-5 HMAC, protocol default PRF
md5Suites = []
md5Suites.append(TLS_DH_ANON_WITH_RC4_128_MD5)
md5Suites.append(TLS_RSA_WITH_RC4_128_MD5)
md5Suites.append(TLS_RSA_WITH_NULL_MD5)
#: SSL3, TLS1.0, TLS1.1 and TLS1.2 compatible ciphers
ssl3Suites = []
ssl3Suites.extend(shaSuites)
ssl3Suites.extend(md5Suites)
#: TLS1.2 specific ciphersuites
tls12Suites = []
tls12Suites.extend(sha256Suites)
tls12Suites.extend(sha384Suites)
tls12Suites.extend(aeadSuites)
#: any that will end up using SHA256 PRF in TLS 1.2 or later
sha256PrfSuites = []
sha256PrfSuites.extend(tls12Suites)
for i in sha384PrfSuites:
sha256PrfSuites.remove(i)
#: TLS1.3 specific ciphersuites
tls13Suites = []
# TLS 1.3 suites are not a superset of TLS 1.2 suites, but they
# use the same mechanism (AEAD), so we need to remove TLS 1.3 items
# from the TLS 1.2 list
tls13Suites.append(TLS_AES_256_GCM_SHA384)
tls12Suites.remove(TLS_AES_256_GCM_SHA384)
tls13Suites.append(TLS_AES_128_GCM_SHA256)
tls12Suites.remove(TLS_AES_128_GCM_SHA256)
tls13Suites.append(TLS_CHACHA20_POLY1305_SHA256)
tls12Suites.remove(TLS_CHACHA20_POLY1305_SHA256)
tls13Suites.append(TLS_AES_128_CCM_SHA256)
tls12Suites.remove(TLS_AES_128_CCM_SHA256)
tls13Suites.append(TLS_AES_128_CCM_8_SHA256)
tls12Suites.remove(TLS_AES_128_CCM_8_SHA256)
@staticmethod
def filterForVersion(suites, minVersion, maxVersion):
"""Return a copy of suites without ciphers incompatible with version"""
includeSuites = set([])
if (3, 0) <= minVersion <= (3, 3):
includeSuites.update(CipherSuite.ssl3Suites)
if maxVersion >= (3, 3) and minVersion <= (3, 3):
includeSuites.update(CipherSuite.tls12Suites)
if maxVersion > (3, 3):
includeSuites.update(CipherSuite.tls13Suites)
return [s for s in suites if s in includeSuites]
@staticmethod
def filter_for_certificate(suites, cert_chain):
"""Return a copy of suites without ciphers incompatible with the cert.
"""
includeSuites = set([])
includeSuites.update(CipherSuite.tls13Suites)
if cert_chain:
if cert_chain.x509List[0].certAlg in ("rsa", "rsa-pss"):
includeSuites.update(CipherSuite.certAllSuites)
if cert_chain.x509List[0].certAlg == "rsa-pss":
# suites in which RSA encryption is used can't be used with
# rsa-pss
includeSuites.symmetric_difference_update(
CipherSuite.certSuites)
if cert_chain.x509List[0].certAlg in ("ecdsa", "Ed25519", "Ed448"):
includeSuites.update(CipherSuite.ecdheEcdsaSuites)
if cert_chain.x509List[0].certAlg == "dsa":
includeSuites.update(CipherSuite.dheDsaSuites)
else:
includeSuites.update(CipherSuite.srpSuites)
includeSuites.update(CipherSuite.anonSuites)
includeSuites.update(CipherSuite.ecdhAnonSuites)
return [s for s in suites if s in includeSuites]
@staticmethod
def filter_for_prfs(suites, prfs):
"""Return a copy of suites without ciphers incompatible with the
specified prfs (sha256 or sha384)"""
includeSuites = set()
prfs = set(prfs)
if None in prfs:
prfs.update(["sha256"])
prfs.remove(None)
assert len(prfs) <= 2, prfs
if "sha256" in prfs:
includeSuites.update(CipherSuite.sha256PrfSuites)
if "sha384" in prfs:
includeSuites.update(CipherSuite.sha384PrfSuites)
return [s for s in suites if s in includeSuites]
@staticmethod
def _filterSuites(suites, settings, version=None):
if version is None:
version = settings.maxVersion
macNames = settings.macNames
cipherNames = settings.cipherNames
keyExchangeNames = settings.keyExchangeNames
macSuites = []
if "sha" in macNames:
macSuites += CipherSuite.shaSuites
if "sha256" in macNames and version >= (3, 3):
macSuites += CipherSuite.sha256Suites
if "sha384" in macNames and version >= (3, 3):
macSuites += CipherSuite.sha384Suites
if "md5" in macNames:
macSuites += CipherSuite.md5Suites
if "aead" in macNames and version >= (3, 3):
macSuites += CipherSuite.aeadSuites
cipherSuites = []
if "chacha20-poly1305" in cipherNames and version >= (3, 3):
cipherSuites += CipherSuite.chacha20Suites
if "chacha20-poly1305_draft00" in cipherNames and version >= (3, 3):
cipherSuites += CipherSuite.chacha20draft00Suites
if "aes128gcm" in cipherNames and version >= (3, 3):
cipherSuites += CipherSuite.aes128GcmSuites
if "aes256gcm" in cipherNames and version >= (3, 3):
cipherSuites += CipherSuite.aes256GcmSuites
if "aes128ccm" in cipherNames and version >= (3, 3):
cipherSuites += CipherSuite.aes128CcmSuites
if "aes128ccm_8" in cipherNames and version >= (3, 3):
cipherSuites += CipherSuite.aes128Ccm_8Suites
if "aes256ccm" in cipherNames and version >= (3, 3):
cipherSuites += CipherSuite.aes256CcmSuites
if "aes256ccm_8" in cipherNames and version >= (3, 3):
cipherSuites += CipherSuite.aes256Ccm_8Suites
if "aes128" in cipherNames:
cipherSuites += CipherSuite.aes128Suites
if "aes256" in cipherNames:
cipherSuites += CipherSuite.aes256Suites
if "3des" in cipherNames:
cipherSuites += CipherSuite.tripleDESSuites
if "rc4" in cipherNames:
cipherSuites += CipherSuite.rc4Suites
if "null" in cipherNames:
cipherSuites += CipherSuite.nullSuites
keyExchangeSuites = []
if version >= (3, 4):
keyExchangeSuites += CipherSuite.tls13Suites
if "rsa" in keyExchangeNames:
keyExchangeSuites += CipherSuite.certSuites
if "dhe_rsa" in keyExchangeNames:
keyExchangeSuites += CipherSuite.dheCertSuites
if "dhe_dsa" in keyExchangeNames:
keyExchangeSuites += CipherSuite.dheDsaSuites
if "ecdhe_rsa" in keyExchangeNames:
keyExchangeSuites += CipherSuite.ecdheCertSuites
if "ecdhe_ecdsa" in keyExchangeNames:
keyExchangeSuites += CipherSuite.ecdheEcdsaSuites
if "srp_sha" in keyExchangeNames:
keyExchangeSuites += CipherSuite.srpSuites
if "srp_sha_rsa" in keyExchangeNames:
keyExchangeSuites += CipherSuite.srpCertSuites
if "dh_anon" in keyExchangeNames:
keyExchangeSuites += CipherSuite.anonSuites
if "ecdh_anon" in keyExchangeNames:
keyExchangeSuites += CipherSuite.ecdhAnonSuites
return [s for s in suites if s in macSuites and
s in cipherSuites and s in keyExchangeSuites]
@classmethod
def getTLS13Suites(cls, settings, version=None):
"""Return cipher suites that are TLS 1.3 specific."""
return cls._filterSuites(CipherSuite.tls13Suites, settings, version)
#: SRP key exchange, no certificate base authentication
srpSuites = []
srpSuites.append(TLS_SRP_SHA_WITH_AES_256_CBC_SHA)
srpSuites.append(TLS_SRP_SHA_WITH_AES_128_CBC_SHA)
srpSuites.append(TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA)
@classmethod
def getSrpSuites(cls, settings, version=None):
"""Return SRP cipher suites matching settings"""
return cls._filterSuites(CipherSuite.srpSuites, settings, version)
#: SRP key exchange, RSA authentication
srpCertSuites = []
srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA)
srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA)
srpCertSuites.append(TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA)
@classmethod
def getSrpCertSuites(cls, settings, version=None):
"""Return SRP cipher suites that use server certificates"""
return cls._filterSuites(CipherSuite.srpCertSuites, settings, version)
#: SRP key exchange, DSA authentication
srpDsaSuites = []
srpDsaSuites.append(TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA) # unsupported
srpDsaSuites.append(TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA) # unsupported
srpDsaSuites.append(TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA) # unsupported
@classmethod
def getSrpDsaSuites(cls, settings, version=None):
"""Return SRP DSA cipher suites that use server certificates"""
return cls._filterSuites(CipherSuite.srpCertSuites, settings, version)
#: All that use SRP key exchange
srpAllSuites = srpSuites + srpCertSuites
@classmethod
def getSrpAllSuites(cls, settings, version=None):
"""Return all SRP cipher suites matching settings"""
return cls._filterSuites(CipherSuite.srpAllSuites, settings, version)
#: RSA key exchange, RSA authentication
certSuites = []
certSuites.append(TLS_RSA_WITH_AES_256_GCM_SHA384)
certSuites.append(TLS_RSA_WITH_AES_128_GCM_SHA256)
certSuites.append(TLS_RSA_WITH_AES_256_CCM)
certSuites.append(TLS_RSA_WITH_AES_128_CCM)
certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA256)
certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA256)
certSuites.append(TLS_RSA_WITH_AES_256_CBC_SHA)
certSuites.append(TLS_RSA_WITH_AES_128_CBC_SHA)
certSuites.append(TLS_RSA_WITH_AES_256_CCM_8)
certSuites.append(TLS_RSA_WITH_AES_128_CCM_8)
certSuites.append(TLS_RSA_WITH_3DES_EDE_CBC_SHA)
certSuites.append(TLS_RSA_WITH_RC4_128_SHA)
certSuites.append(TLS_RSA_WITH_RC4_128_MD5)
certSuites.append(TLS_RSA_WITH_NULL_MD5)
certSuites.append(TLS_RSA_WITH_NULL_SHA)
certSuites.append(TLS_RSA_WITH_NULL_SHA256)
@classmethod
def getCertSuites(cls, settings, version=None):
"""Return ciphers with RSA authentication matching settings"""
return cls._filterSuites(CipherSuite.certSuites, settings, version)
#: FFDHE key exchange, RSA authentication
dheCertSuites = []
dheCertSuites.append(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256)
dheCertSuites.append(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_draft_00)
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384)
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256)
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CCM)
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CCM)
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA256)
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CBC_SHA)
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CBC_SHA)
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_256_CCM_8)
dheCertSuites.append(TLS_DHE_RSA_WITH_AES_128_CCM_8)
dheCertSuites.append(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA)
@classmethod
def getDheCertSuites(cls, settings, version=None):
"""Provide authenticated DHE ciphersuites matching settings"""
return cls._filterSuites(CipherSuite.dheCertSuites, settings, version)
#: ECDHE key exchange, RSA authentication
ecdheCertSuites = []
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256)
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_draft_00)
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256)
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384)
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256)
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA)
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA)
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA)
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_RC4_128_SHA)
ecdheCertSuites.append(TLS_ECDHE_RSA_WITH_NULL_SHA)
@classmethod
def getEcdheCertSuites(cls, settings, version=None):
"""Provide authenticated ECDHE ciphersuites matching settings"""
return cls._filterSuites(CipherSuite.ecdheCertSuites, settings, version)
#: RSA authentication
certAllSuites = srpCertSuites + certSuites + dheCertSuites + ecdheCertSuites
#: ECDHE key exchange, ECDSA authentication
ecdheEcdsaSuites = []
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_draft_00)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CCM)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CCM)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_RC4_128_SHA)
ecdheEcdsaSuites.append(TLS_ECDHE_ECDSA_WITH_NULL_SHA)
@classmethod
def getEcdsaSuites(cls, settings, version=None):
"""Provide ECDSA authenticated ciphersuites matching settings"""
return cls._filterSuites(CipherSuite.ecdheEcdsaSuites,
settings, version)
#: DHE key exchange, DSA authentication
dheDsaSuites = []
dheDsaSuites.append(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384)
dheDsaSuites.append(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256)
dheDsaSuites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA256)
dheDsaSuites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA256)
dheDsaSuites.append(TLS_DHE_DSS_WITH_AES_256_CBC_SHA)
dheDsaSuites.append(TLS_DHE_DSS_WITH_AES_128_CBC_SHA)
dheDsaSuites.append(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA)
@classmethod
def getDheDsaSuites(cls, settings, version=None):
"""Provide DSA authenticated ciphersuites matching settings"""
return cls._filterSuites(CipherSuite.dheDsaSuites,
settings, version)
#: anon FFDHE key exchange
anonSuites = []
anonSuites.append(TLS_DH_ANON_WITH_AES_256_GCM_SHA384)
anonSuites.append(TLS_DH_ANON_WITH_AES_128_GCM_SHA256)
anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA256)
anonSuites.append(TLS_DH_ANON_WITH_AES_256_CBC_SHA)
anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA256)
anonSuites.append(TLS_DH_ANON_WITH_AES_128_CBC_SHA)
anonSuites.append(TLS_DH_ANON_WITH_3DES_EDE_CBC_SHA)
anonSuites.append(TLS_DH_ANON_WITH_RC4_128_MD5)
@classmethod
def getAnonSuites(cls, settings, version=None):
"""Provide anonymous DH ciphersuites matching settings"""
return cls._filterSuites(CipherSuite.anonSuites, settings, version)
dhAllSuites = dheCertSuites + anonSuites + dheDsaSuites
#: anon ECDHE key exchange
ecdhAnonSuites = []
ecdhAnonSuites.append(TLS_ECDH_ANON_WITH_AES_256_CBC_SHA)
ecdhAnonSuites.append(TLS_ECDH_ANON_WITH_AES_128_CBC_SHA)
ecdhAnonSuites.append(TLS_ECDH_ANON_WITH_3DES_EDE_CBC_SHA)
ecdhAnonSuites.append(TLS_ECDH_ANON_WITH_RC4_128_SHA)
ecdhAnonSuites.append(TLS_ECDH_ANON_WITH_NULL_SHA)
@classmethod
def getEcdhAnonSuites(cls, settings, version=None):
"""Provide anonymous ECDH ciphersuites matching settings"""
return cls._filterSuites(CipherSuite.ecdhAnonSuites, settings, version)
#: all ciphersuites which use ephemeral ECDH key exchange
ecdhAllSuites = ecdheEcdsaSuites + ecdheCertSuites + ecdhAnonSuites
@staticmethod
def canonicalCipherName(ciphersuite):
"""Return the canonical name of the cipher whose number is provided."""
if ciphersuite in CipherSuite.aes128GcmSuites:
return "aes128gcm"
elif ciphersuite in CipherSuite.aes256GcmSuites:
return "aes256gcm"
elif ciphersuite in CipherSuite.aes128Ccm_8Suites:
return "aes128ccm_8"
elif ciphersuite in CipherSuite.aes128CcmSuites:
return "aes128ccm"
elif ciphersuite in CipherSuite.aes256CcmSuites:
return "aes256ccm"
elif ciphersuite in CipherSuite.aes256Ccm_8Suites:
return "aes256ccm_8"
elif ciphersuite in CipherSuite.aes128Suites:
return "aes128"
elif ciphersuite in CipherSuite.aes256Suites:
return "aes256"
elif ciphersuite in CipherSuite.rc4Suites:
return "rc4"
elif ciphersuite in CipherSuite.tripleDESSuites:
return "3des"
elif ciphersuite in CipherSuite.nullSuites:
return "null"
elif ciphersuite in CipherSuite.chacha20draft00Suites:
return "chacha20-poly1305_draft00"
elif ciphersuite in CipherSuite.chacha20Suites:
return "chacha20-poly1305"
else:
return None
@staticmethod
def canonicalMacName(ciphersuite):
"""Return the canonical name of the MAC whose number is provided."""
if ciphersuite in CipherSuite.sha384Suites:
return "sha384"
elif ciphersuite in CipherSuite.sha256Suites:
return "sha256"
elif ciphersuite in CipherSuite.shaSuites:
return "sha"
elif ciphersuite in CipherSuite.md5Suites:
return "md5"
else:
return None
# The following faults are induced as part of testing. The faultAlerts
# dictionary describes the allowed alerts that may be triggered by these
# faults.
class Fault:
badUsername = 101
badPassword = 102
badA = 103
clientSrpFaults = list(range(101,104))
badVerifyMessage = 601
clientCertFaults = list(range(601,602))
badPremasterPadding = 501
shortPremasterSecret = 502
clientNoAuthFaults = list(range(501,503))
badB = 201
serverFaults = list(range(201,202))
badFinished = 300
badMAC = 301
badPadding = 302
genericFaults = list(range(300,303))
faultAlerts = {\
badUsername: (AlertDescription.unknown_psk_identity, \
AlertDescription.bad_record_mac),\
badPassword: (AlertDescription.bad_record_mac,),\
badA: (AlertDescription.illegal_parameter,),\
badPremasterPadding: (AlertDescription.bad_record_mac,),\
shortPremasterSecret: (AlertDescription.bad_record_mac,),\
badVerifyMessage: (AlertDescription.decrypt_error,),\
badFinished: (AlertDescription.decrypt_error,),\
badMAC: (AlertDescription.bad_record_mac,),\
badPadding: (AlertDescription.bad_record_mac,)
}
faultNames = {\
badUsername: "bad username",\
badPassword: "bad password",\
badA: "bad A",\
badPremasterPadding: "bad premaster padding",\
shortPremasterSecret: "short premaster secret",\
badVerifyMessage: "bad verify message",\
badFinished: "bad finished message",\
badMAC: "bad MAC",\
badPadding: "bad padding"
}